Senators, staffers are next on Russia's cyber hit list, says report

By Lauren C. Williams

Jan 12, 2018

The U.S. Senate could be the next target of the Russian hackers who went after the Democratic National Committee in the run-up to the 2016 election, according to a report released Jan. 12 by cybersecurity firm Trend Micro.

The report said that digital breadcrumbs thought to be unique to the hacking group nicknamed Fancy Bear have been detected in email spear-phishing campaigns targeting U.S. Senate online credentials during the latter part of 2017.

"While these emails might not seem to be advanced in nature, we've seen that credential loss is often the starting point of further attacks that include stealing sensitive data from email inboxes," security researcher Feike Hacquebord wrote in a blog post announcing the findings. Tokyo-headquartered Trend Micro referred to Fancy Bear as Pawn Storm throughout its report.

Some of the emails were masked as Microsoft Exchange messages warning of expired passwords or notifying users of files added to OneDrive as a way to get login credentials, the report found.

"These attacks don't show much technical innovation over time, but they are well prepared, persistent, and often hard to defend against," Hacquebord said. "Pawn Storm has a large toolset full of social engineering tricks, malware and exploits, and therefore doesn't need much innovation apart from occasionally using their own zero-days and quickly abusing software vulnerabilities shortly after a security patch is released."

Fancy Bear, which was previously linked to the DNC hacks and election meddling across Europe and the Middle East, has also been tied to attacks on winter sport associations, the report stated.

Hacquebord told the Associated Press that the phishing attacks on the Senate credentials mimicked those made last year ahead of the French elections.

"That is exactly the way they attacked the Macron campaign in France," he told the AP.

"They're still very active -- in making preparations at least -- to influence public opinion again," he said. "They are looking for information they might leak later."

Sen. Ben Sasse (R-Neb.) issued a statement following the report's release calling on the Trump administration to address the cyber threat head on.

"Putin couldn't be happier with Washington's obsession with making everything about settling partisan scores instead of preparing for 2018 and 2020," said Sasse, who sits on the Senate Armed Services Committee.

"Last year, FBI Director [James] Comey said he was certain that Senate IT systems have been targeted and the Attorney General said we weren't doing enough to prepare for Russia's next attack. The Administration needs to take urgent action to ensure that our adversaries cannot undermine the framework of our political debates and the Attorney General should come back to Congress and explain what steps he's taken since last year," Sasse said.

Sen. Sheldon Whitehouse (D-R.I.) told FCW via email that the warning in the report from Trend Micro, "reinforces the alarms sounded by our intelligence, election, and law enforcement officials that Russia continues to infiltrate our democracy." Whitehouse cautioned that the "threat is getting little attention in Washington."

Whitehouse added: "Instead of taking action to make our elections and institutions more resilient to Russian interference, Congress distracts itself with partisan goose chases. And so far, the Trump administration has failed to articulate any plans to defend against future cyber attacks. We are less than a year out from Election Day. We have serious work to do."

As for future attacks, Hacquebord wrote that social media algorithms will continue to be "susceptible to abuse" for rogue political campaigns as officials and organizations must keep channels open to communicate with the public.

"With the Olympics and several significant global elections taking place in 2018, we can be sure Pawn Storm's activities will continue," Hacquebord wrote.

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.